operator import
The operator import
command imports secrets from external systems in to Vault.
Secrets with the same name at the same storage path will be overwritten upon import.
Imports can be long-running processes
You can write import plans that read from as many sources as you want. The amount of data migrated for each source depends on the filters applied and the dataset available. Be mindful of the time needed to read from each source, apply any filters, and store the data in Vault.
Examples
Read the config file import.hcl
to generate a new import plan:
Output:
Configuration
The operator import
command uses a dedicated configuration file to specify the source,
destination, and mapping rules. To learn more about these types and secrets importing,
refer to the Secrets Import documentation.
Usage
Arguments
plan
- Executes a read-only operation to let operators preview the secrets to import based on the configuration file.apply
- Executes the secrets import operations to bring the specified secrets from the source into Vault. Apply first executes a plan, then asks the user to approve the results before performing the actual import.
Flags
The operator import
command accepts the following flags:
-config
(string: "import.hcl")
- Path to the import configuration HCL file. The default path isimport.hcl
.-auto-approve
(bool: <false>)
- Automatically response "yes" to all user-input prompts for theapply
command.-auto-create
(bool: <false>)
- Automatically creates any missing namespaces and mounts when running theapply
command.-log-level
(string: "info")
- Log verbosity level. Supported values (in order of descending detail) aretrace
,debug
,info
,warn
, anderror
. You can also set log-level with theVAULT_LOG_LEVEL
environment variable.